Java Code Examples for org.apache.cxf.rs.security.jose.jwe.JweUtils

The following examples show how to use org.apache.cxf.rs.security.jose.jwe.JweUtils. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: thorntail   Source File: DefaultJoseImpl.java    License: Apache License 2.0 6 votes vote down vote up
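/**
 * Selects the JWE decryption provider for an incoming token.
 *
 * <p>If the configuration accepts the encryption alias from the token, the {@code kid} header
 * is copied into {@code props} as the key store alias. With an inlined JWK set the provider
 * is built from the locally configured key; otherwise it is loaded from {@code props}.
 *
 * @param props   JOSE properties; may be modified (key store alias) by this call
 * @param headers headers of the JWE being decrypted
 * @return the decryption provider to use for this token
 */
private JweDecryptionProvider getDecryptionProvider(Properties props, JweHeaders headers) {
    if (config.acceptEncryptionAlias()) {
        // The kid header is chosen by the sender, so with this option enabled the token
        // decides which key store entry is used. NOTE(review): confirm the key store only
        // holds entries that are meant to decrypt inbound tokens.
        String keyId = headers.getKeyId();
        // Properties.setProperty rejects null values; a token without a kid keeps the
        // alias already present in props instead of failing with a NullPointerException.
        if (keyId != null) {
            props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, keyId);
        }
    }

    if (!isInlinedJwkSetAvailable()) {
        return JweUtils.loadDecryptionProvider(props, headers);
    }

    if (KeyAlgorithm.DIRECT == KeyAlgorithm.getAlgorithm(config.keyEncryptionAlgorithm())) {
        // Direct encryption: the JWK itself is the content-encryption key.
        return JweUtils.getDirectKeyJweDecryption(loadJsonWebKey(encryptionKeyAlias()));
    }
    // Key and content algorithm both come from local configuration, not from the token.
    return JweUtils.createJweDecryptionProvider(loadJsonWebKey(encryptionKeyAlias()),
        ContentAlgorithm.getAlgorithm(config.contentEncryptionAlgorithm()));
}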
 
Example 2
Source Project: cxf   Source File: BookStore.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Decrypts the JWE JSON content for one recipient and returns it as text.
 *
 * @param consumer         parsed JWE JSON message
 * @param recipientPropLoc location of the recipient's JWE properties
 * @param recipientKid     key id used both to pick the JWK and to match the recipient entry
 * @return the decrypted content text
 */
private String getRecipientText(JweJsonConsumer consumer, String recipientPropLoc, String recipientKid) {
    final Message currentMessage = JAXRSUtils.getCurrentMessage();
    final Properties props = JweUtils.loadJweProperties(currentMessage, recipientPropLoc);

    // NOTE(review): the result of getKey(...) is passed on without a null check here;
    // confirm how an unknown kid is reported.
    final JsonWebKey key = JwkUtils.loadJwkSet(currentMessage, props, null).getKey(recipientKid);

    // The content algorithm is read from the recipient properties.
    final JweDecryptionProvider decryptor =
        JweUtils.createJweDecryptionProvider(key, JweUtils.getContentEncryptionAlgorithm(props));

    // The "kid" entry identifies which recipient of the JSON serialization to decrypt.
    return consumer
        .decryptWith(decryptor, Collections.singletonMap("kid", recipientKid))
        .getContentText();
}
 
Example 3
Source Project: cxf   Source File: OAuthServerJoseJwtProducer.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Picks the JWE encryption provider for a client: its first application certificate when
 * certificate encryption is enabled, otherwise its client secret.
 *
 * @param c the client the response is encrypted for; may be {@code null}
 * @return the provider, or {@code null} when neither a certificate nor a secret is usable
 */
protected JweEncryptionProvider getInitializedEncryptionProvider(Client c) {
    if (c == null) {
        return null;
    }

    JweEncryptionProvider provider = null;
    if (encryptWithClientCertificates && !c.getApplicationCertificates().isEmpty()) {
        // NOTE(review): only the first registered certificate is used, and this method does
        // not check its validity period or trust chain — confirm that happens at registration.
        X509Certificate clientCert =
            (X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0));
        // RSA-OAEP key wrapping with AES-128-GCM content encryption, fixed in code.
        provider = JweUtils.createJweEncryptionProvider(
            clientCert.getPublicKey(), KeyAlgorithm.RSA_OAEP, ContentAlgorithm.A128GCM, null);
    }

    // Fall back to the secret-based provider of the superclass when no certificate was used.
    if (provider == null && c.getClientSecret() != null) {
        provider = super.getInitializedEncryptionProvider(c.getClientSecret());
    }
    return provider;
}
 
Example 4
Source Project: cxf   Source File: ApacheCXFProducer.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Encrypts {@code plainText} as a JWE JSON serialization and asserts that the parsed result
 * carries the expected algorithms, exactly one recipient and the expected key id.
 *
 * <p>NOTE(review): {@code protectedHeaders} is null-checked while merging but dereferenced
 * unconditionally in the assertions, so callers must in practice pass a non-null value.
 */
private void produceJsonJWE(String plainText, JsonWebKey key, JweHeaders protectedHeaders,
    JweHeaders unprotectedJweHeaders, JweHeaders recipientHeaders, boolean flattened) {
    JweJsonProducer producer = new JweJsonProducer(protectedHeaders, unprotectedJweHeaders,
        plainText.getBytes(StandardCharsets.UTF_8), null, flattened);

    // The provider is created from the union of both header sets; unprotected values
    // overwrite protected ones on a key clash because they are merged last.
    Map<String, Object> merged = new HashMap<>();
    for (JweHeaders part : new JweHeaders[] {protectedHeaders, unprotectedJweHeaders}) {
        if (part != null) {
            merged.putAll(part.asMap());
        }
    }
    JweEncryptionProvider encryptor =
        JweUtils.createJweEncryptionProvider(key, new JweHeaders(merged));

    String jweJson = producer.encryptWith(encryptor, recipientHeaders);

    // Parse the output again and compare it with what was requested.
    JweJsonConsumer parsed = new JweJsonConsumer(jweJson);
    Assert.assertEquals(protectedHeaders.getKeyEncryptionAlgorithm(),
        parsed.getProtectedHeader().getKeyEncryptionAlgorithm());
    Assert.assertEquals(protectedHeaders.getContentEncryptionAlgorithm(),
        parsed.getProtectedHeader().getContentEncryptionAlgorithm());
    Assert.assertEquals(1, parsed.getRecipients().size());
    Assert.assertEquals(recipientHeaders.getKeyId(),
        parsed.getRecipients().get(0).getUnprotectedHeader().getKeyId());
}
 
Example 5
Source Project: cxf   Source File: ApacheCXFConsumer.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Builds a JWE decryption provider for a JWK.
 *
 * <p>A JWK that declares its own algorithm is handed to {@code JweUtils} as is. Otherwise the
 * key is converted according to its key type and combined with the algorithms passed in.
 *
 * @param key                        the JWK holding the decryption key
 * @param keyEncryptionAlgorithm     key algorithm used when the JWK declares none
 * @param contentEncryptionAlgorithm content algorithm for the provider
 * @return the decryption provider
 * @throws IllegalArgumentException if the key type is not EC, RSA or OCTET
 */
private JweDecryptionProvider getJweDecryptionProvider(JsonWebKey key, KeyAlgorithm keyEncryptionAlgorithm,
    ContentAlgorithm contentEncryptionAlgorithm) {
    if (key.getAlgorithm() != null) {
        // The JWK names its algorithm, so keyEncryptionAlgorithm is not used on this path.
        return JweUtils.createJweDecryptionProvider(key, contentEncryptionAlgorithm);
    }

    switch (key.getKeyType()) {
    case EC: {
        return JweUtils.createJweDecryptionProvider(
            JwkUtils.toECPrivateKey(key), keyEncryptionAlgorithm, contentEncryptionAlgorithm);
    }
    case RSA: {
        return JweUtils.createJweDecryptionProvider(
            JwkUtils.toRSAPrivateKey(key), keyEncryptionAlgorithm, contentEncryptionAlgorithm);
    }
    case OCTET: {
        // Symmetric key: the secret is taken from the JWK's octet key value property.
        SecretKey octetKey = CryptoUtils.createSecretKeySpec(
            (String) key.getProperty(JsonWebKey.OCTET_KEY_VALUE), keyEncryptionAlgorithm.getJavaName());
        return JweUtils.createJweDecryptionProvider(
            octetKey, keyEncryptionAlgorithm, contentEncryptionAlgorithm);
    }
    default:
        throw new IllegalArgumentException("JWK KeyType not supported: " + key.getKeyType());
    }
}
 
Example 6
Source Project: thorntail   Source File: DefaultJoseImpl.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Selects the JWE encryption provider: from the inlined JWK set when one is available,
 * otherwise from the JOSE properties.
 *
 * @param props   JOSE properties used when no inlined JWK set is available
 * @param headers headers of the JWE being produced
 * @return the encryption provider
 */
private JweEncryptionProvider getEncryptionProvider(Properties props, JweHeaders headers) {
    if (!isInlinedJwkSetAvailable()) {
        return JweUtils.loadEncryptionProvider(props, headers);
    }

    boolean directKey =
        KeyAlgorithm.DIRECT == KeyAlgorithm.getAlgorithm(config.keyEncryptionAlgorithm());
    if (directKey) {
        // Direct encryption: the JWK itself is the content-encryption key.
        return JweUtils.getDirectKeyJweEncryption(loadJsonWebKey(encryptionKeyAlias()));
    }
    return JweUtils.createJweEncryptionProvider(loadJsonWebKey(encryptionKeyAlias()), headers);
}
 
Example 7
Source Project: cxf   Source File: ApacheCXFProducer.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Encrypts {@code plainText} as a compact JWE and asserts that the parsed result reports the
 * same key algorithm, content algorithm and key id as the headers it was built from.
 */
private void produceCompactJWE(String plainText, JsonWebKey key, JweHeaders headers) {
    JweCompactProducer producer = new JweCompactProducer(headers, plainText);
    JweEncryptionProvider encryptor = JweUtils.createJweEncryptionProvider(key, headers);
    String compactJwe = producer.encryptWith(encryptor);

    // Parse the output again; only the headers are compared, nothing is decrypted here.
    JweCompactConsumer parsed = new JweCompactConsumer(compactJwe);
    Assert.assertEquals(
        headers.getKeyEncryptionAlgorithm(), parsed.getJweHeaders().getKeyEncryptionAlgorithm());
    Assert.assertEquals(
        headers.getContentEncryptionAlgorithm(), parsed.getJweHeaders().getContentEncryptionAlgorithm());
    Assert.assertEquals(headers.getKeyId(), parsed.getJweHeaders().getKeyId());
}
 
Example 8
Source Project: cxf   Source File: JWTTokenProviderTest.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Creates an encrypted JWT with signing switched off, checks that it has the five parts of a
 * compact JWE and, when unrestricted policies are installed, decrypts it and checks the claims.
 */
@org.junit.Test
public void testCreateUnsignedEncryptedJWT() throws Exception {
    JWTTokenProvider provider = new JWTTokenProvider();
    provider.setSignToken(false);

    TokenProviderParameters parameters = createProviderParameters();
    parameters.setEncryptToken(true);

    assertTrue(provider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse response = provider.createToken(parameters);
    assertNotNull(response);
    assertTrue(response.getToken() != null && response.getTokenId() != null);

    String compactJwe = (String)response.getToken();
    assertNotNull(compactJwe);
    // Compact JWE serialization has five dot-separated parts.
    assertTrue(compactJwe.split("\\.").length == 5);

    // Without unrestricted policies the decryption checks below are skipped, not failed.
    if (!unrestrictedPoliciesInstalled) {
        return;
    }

    // Validate the token. Alias and password are test-only key store fixtures.
    JweJwtCompactConsumer jweConsumer = new JweJwtCompactConsumer(compactJwe);
    KeyStore decryptionStore =
        ((Merlin)CryptoFactory.getInstance(getDecryptionProperties())).getKeyStore();
    Properties joseProps = new Properties();
    joseProps.put(JoseConstants.RSSEC_KEY_STORE, decryptionStore);
    joseProps.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
    joseProps.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");

    JweDecryptionProvider decryptor =
        JweUtils.loadDecryptionProvider(joseProps, jweConsumer.getHeaders());
    String innerToken = decryptor.decrypt(compactJwe).getContentText();

    // The inner token is unsigned in this test, so it is only parsed for its claims.
    JwtToken jwt = new JwsJwtCompactConsumer(innerToken).getJwtToken();

    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
    Assert.assertEquals(response.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
    Assert.assertEquals(response.getCreated().getEpochSecond(),
                        jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
    Assert.assertEquals(response.getExpires().getEpochSecond(),
                        jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
}
 
Example 9
Source Project: cxf   Source File: JWTTokenProviderTest.java    License: Apache License 2.0 4 votes vote down vote up
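/**
 * Creates an unsigned JWT encrypted with A128CBC-HS256, checks that it has the five parts of
 * a compact JWE and, when unrestricted policies are installed, decrypts it and checks the claims.
 *
 * <p>BouncyCastle is registered for the duration of the test. It is removed again only if
 * this test registered it, so a provider installed by the surrounding environment is left
 * in place for other tests.
 */
@org.junit.Test
public void testCreateUnsignedEncryptedCBCJWT() throws Exception {
    // Security.addProvider returns -1 when a provider of that name is already installed.
    boolean bouncyCastleAdded = Security.addProvider(new BouncyCastleProvider()) != -1;
    try {
        TokenProvider jwtTokenProvider = new JWTTokenProvider();
        ((JWTTokenProvider)jwtTokenProvider).setSignToken(false);

        TokenProviderParameters providerParameters = createProviderParameters();
        providerParameters.setEncryptToken(true);
        providerParameters.getEncryptionProperties().setEncryptionAlgorithm(
            ContentAlgorithm.A128CBC_HS256.name()
        );

        assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
        TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
        assertNotNull(providerResponse);
        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

        String token = (String)providerResponse.getToken();
        assertNotNull(token);
        // Compact JWE serialization has five dot-separated parts.
        Assert.assertEquals(5, token.split("\\.").length);

        // Without unrestricted policies the decryption checks are skipped, not failed.
        if (unrestrictedPoliciesInstalled) {
            // Validate the token. Alias and password are test-only key store fixtures.
            JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
            Properties decProperties = new Properties();
            Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
            KeyStore keystore = ((Merlin)decryptionCrypto).getKeyStore();
            decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
            decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
            decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
            // The expected content algorithm is set explicitly on the decrypting side.
            decProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM,
                              ContentAlgorithm.A128CBC_HS256.name());

            JweDecryptionProvider decProvider =
                JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders());

            JweDecryptionOutput decOutput = decProvider.decrypt(token);
            String decToken = decOutput.getContentText();

            // The inner token is unsigned in this test, so it is only parsed for its claims.
            JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
            JwtToken jwt = jwtJwsConsumer.getJwtToken();

            Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
            Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
            Assert.assertEquals(providerResponse.getCreated().getEpochSecond(),
                                jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
            Assert.assertEquals(providerResponse.getExpires().getEpochSecond(),
                                jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
        }
    } finally {
        if (bouncyCastleAdded) {
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        }
    }
}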
 
Example 10
Source Project: cxf   Source File: JWTTokenProviderTest.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Creates an encrypted JWT with the provider's default signing setting, checks that it has
 * the five parts of a compact JWE and, when unrestricted policies are installed, decrypts it
 * and checks the claims.
 */
@org.junit.Test
public void testCreateSignedEncryptedJWT() throws Exception {
    TokenProvider provider = new JWTTokenProvider();

    TokenProviderParameters parameters = createProviderParameters();
    parameters.setEncryptToken(true);

    assertTrue(provider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse response = provider.createToken(parameters);
    assertNotNull(response);
    assertTrue(response.getToken() != null && response.getTokenId() != null);

    String compactJwe = (String)response.getToken();
    assertNotNull(compactJwe);
    // Compact JWE serialization has five dot-separated parts.
    assertTrue(compactJwe.split("\\.").length == 5);

    // Without unrestricted policies the decryption checks below are skipped, not failed.
    if (!unrestrictedPoliciesInstalled) {
        return;
    }

    // Validate the token. Alias and password are test-only key store fixtures.
    JweJwtCompactConsumer jweConsumer = new JweJwtCompactConsumer(compactJwe);
    KeyStore decryptionStore =
        ((Merlin)CryptoFactory.getInstance(getDecryptionProperties())).getKeyStore();
    Properties joseProps = new Properties();
    joseProps.put(JoseConstants.RSSEC_KEY_STORE, decryptionStore);
    joseProps.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
    joseProps.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");

    JweDecryptionProvider decryptor =
        JweUtils.loadDecryptionProvider(joseProps, jweConsumer.getHeaders());
    String innerToken = decryptor.decrypt(compactJwe).getContentText();

    // NOTE(review): the inner token is parsed for its claims only; no signature
    // verification call appears in this test.
    JwtToken jwt = new JwsJwtCompactConsumer(innerToken).getJwtToken();

    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
    Assert.assertEquals(response.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
    Assert.assertEquals(response.getCreated().getEpochSecond(),
                        jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
    Assert.assertEquals(response.getExpires().getEpochSecond(),
                        jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
}
 
Example 11
Source Project: cxf   Source File: OAuthUtils.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Creates a direct-key JWE decryption provider keyed by a client secret.
 *
 * <p>NOTE(review): the UTF-8 bytes of the secret are used as the key as they are, so the
 * secret's length and entropy have to suit the content algorithm chosen by
 * {@code getClientSecretContentAlgorithm} — confirm client registration enforces this.
 *
 * @param clientSecret the client secret used as key material
 * @return a decryption provider that uses the secret directly as the content key
 */
public static JweDecryptionProvider getClientSecretDecryptionProvider(String clientSecret) {
    final Properties encryptionInProps = JweUtils.loadEncryptionInProperties(false);
    final byte[] secretBytes = StringUtils.toBytesUTF8(clientSecret);
    return JweUtils.getDirectKeyJweDecryption(
        secretBytes, getClientSecretContentAlgorithm(encryptionInProps));
}
 
Example 12
Source Project: cxf   Source File: OAuthUtils.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Creates a direct-key JWE encryption provider keyed by a client secret.
 *
 * <p>NOTE(review): the UTF-8 bytes of the secret are used as the key as they are, so the
 * secret's length and entropy have to suit the content algorithm chosen by
 * {@code getClientSecretContentAlgorithm} — confirm client registration enforces this.
 *
 * @param clientSecret the client secret used as key material
 * @return an encryption provider that uses the secret directly as the content key
 */
public static JweEncryptionProvider getClientSecretEncryptionProvider(String clientSecret) {
    final Properties encryptionInProps = JweUtils.loadEncryptionInProperties(false);
    final byte[] secretBytes = StringUtils.toBytesUTF8(clientSecret);
    return JweUtils.getDirectKeyJweEncryption(
        secretBytes, getClientSecretContentAlgorithm(encryptionInProps));
}
 
Example 13
Source Project: cxf   Source File: JoseClientCodeStateManager.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Returns the explicitly configured decryption provider, or loads one through
 * {@code JweUtils} when none was set.
 *
 * <p>NOTE(review): the {@code false} argument presumably means a missing configuration is
 * not an error, in which case the result may be {@code null} — confirm against JweUtils.
 */
protected JweDecryptionProvider getInitializedDecryptionProvider() {
    return decryptionProvider != null
        ? decryptionProvider
        : JweUtils.loadDecryptionProvider(false);
}
 
Example 14
Source Project: cxf   Source File: JoseClientCodeStateManager.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Returns the explicitly configured encryption provider, or loads one through
 * {@code JweUtils} when none was set.
 *
 * <p>NOTE(review): the {@code false} argument presumably means a missing configuration is
 * not an error, in which case the state may go out unencrypted — confirm against JweUtils.
 */
protected JweEncryptionProvider getInitializedEncryptionProvider() {
    return encryptionProvider != null
        ? encryptionProvider
        : JweUtils.loadEncryptionProvider(false);
}
 
Example 15
Source Project: cxf   Source File: JoseSessionTokenProvider.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Returns the injected JWE encryptor, or loads one through {@code JweUtils}, passing the
 * {@code jweRequired} flag of this provider.
 */
protected JweEncryptionProvider getInitializedEncryptionProvider() {
    return jweEncryptor != null
        ? jweEncryptor
        : JweUtils.loadEncryptionProvider(jweRequired);
}
 
Example 16
Source Project: cxf   Source File: JoseSessionTokenProvider.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Returns the injected JWE decryptor, or loads one through {@code JweUtils}, passing the
 * {@code jweRequired} flag of this provider.
 */
protected JweDecryptionProvider getInitializedDecryptionProvider() {
    return jweDecryptor != null
        ? jweDecryptor
        : JweUtils.loadDecryptionProvider(jweRequired);
}
 
Example 17
Source Project: cxf   Source File: JweWriterInterceptor.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Returns the explicitly configured encryption provider, or loads one for the given headers.
 *
 * @param headers JWE headers of the message being written
 * @return the encryption provider; loaded with the flag set to {@code true}, which
 *         presumably makes a missing configuration an error — confirm against JweUtils
 */
protected JweEncryptionProvider getInitializedEncryptionProvider(JweHeaders headers) {
    return encryptionProvider != null
        ? encryptionProvider
        : JweUtils.loadEncryptionProvider(headers, true);
}
 
Example 18
Source Project: cxf   Source File: AbstractJweJsonDecryptingFilter.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Returns the explicitly configured decryption provider, or loads one for the given headers.
 *
 * @param headers headers of the incoming JWE; they come from the message being decrypted
 * @return the decryption provider; loaded with the flag set to {@code true}, which
 *         presumably makes a missing configuration an error — confirm against JweUtils
 */
protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders headers) {
    return decryption != null
        ? decryption
        : JweUtils.loadDecryptionProvider(headers, true);
}
 
Example 19
Source Project: cxf   Source File: AbstractJweDecryptingFilter.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Returns the explicitly configured decryption provider, or loads one for the given headers.
 *
 * @param headers headers of the incoming JWE; they come from the message being decrypted
 * @return the decryption provider; loaded with the flag set to {@code true}, which
 *         presumably makes a missing configuration an error — confirm against JweUtils
 */
protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders headers) {
    return decryption != null
        ? decryption
        : JweUtils.loadDecryptionProvider(headers, true);
}
 
Example 20
Source Project: cxf   Source File: JwkUtils.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Serializes a JWK set to JSON and encrypts it as a JWE with a public key.
 *
 * @param jwkSet      the key set to protect
 * @param key         public key used for key encryption
 * @param keyAlgo     key encryption algorithm
 * @param contentAlgo content encryption algorithm
 * @return the JWE, produced with content type {@code jwk-set+json}
 */
public static String encryptJwkSet(JsonWebKeys jwkSet, PublicKey key, KeyAlgorithm keyAlgo,
                                   ContentAlgorithm contentAlgo) {
    // The payload is key material; it exists in clear only in this local array.
    final byte[] jwkSetJson = StringUtils.toBytesUTF8(jwkSetToJson(jwkSet));
    return JweUtils.encrypt(key, keyAlgo, contentAlgo, jwkSetJson, "jwk-set+json");
}
 
Example 21
Source Project: cxf   Source File: JwkUtils.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Serializes a JWK set to JSON and encrypts it as a JWE with a secret key.
 *
 * @param jwkSet      the key set to protect
 * @param key         secret key used for key encryption
 * @param keyAlgo     key encryption algorithm
 * @param contentAlgo content encryption algorithm
 * @return the JWE, produced with content type {@code jwk-set+json}
 */
public static String encryptJwkSet(JsonWebKeys jwkSet, SecretKey key, KeyAlgorithm keyAlgo,
                                   ContentAlgorithm contentAlgo) {
    // The payload is key material; it exists in clear only in this local array.
    final byte[] jwkSetJson = StringUtils.toBytesUTF8(jwkSetToJson(jwkSet));
    return JweUtils.encrypt(key, keyAlgo, contentAlgo, jwkSetJson, "jwk-set+json");
}
 
Example 22
Source Project: cxf   Source File: JwkUtils.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Decrypts a JWE-protected JWK set with a private key and parses the result.
 *
 * @param key        private key used for key decryption
 * @param keyAlgo    key encryption algorithm, supplied by the caller
 * @param ctAlgo     content encryption algorithm, supplied by the caller
 * @param jsonJwkSet the encrypted JWK set
 * @return the parsed key set
 */
public static JsonWebKeys decryptJwkSet(PrivateKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo,
                                        String jsonJwkSet) {
    // Holds decrypted key material as JSON text until it is parsed.
    final String decryptedJson = toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwkSet));
    return readJwkSet(decryptedJson);
}
 
Example 23
Source Project: cxf   Source File: JwkUtils.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Decrypts a JWE-protected JWK set with a secret key and parses the result.
 *
 * @param key        secret key used for key decryption
 * @param keyAlgo    key encryption algorithm, supplied by the caller
 * @param ctAlgo     content encryption algorithm, supplied by the caller
 * @param jsonJwkSet the encrypted JWK set
 * @return the parsed key set
 */
public static JsonWebKeys decryptJwkSet(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo,
                                        String jsonJwkSet) {
    // Holds decrypted key material as JSON text until it is parsed.
    final String decryptedJson = toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwkSet));
    return readJwkSet(decryptedJson);
}
 
Example 24
Source Project: cxf   Source File: JwkUtils.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Serializes a single JWK to JSON and encrypts it as a JWE with a public key.
 *
 * @param jwkKey      the key to protect
 * @param key         public key used for key encryption
 * @param keyAlgo     key encryption algorithm
 * @param contentAlgo content encryption algorithm
 * @return the JWE, produced with content type {@code jwk+json}
 */
public static String encryptJwkKey(JsonWebKey jwkKey, PublicKey key, KeyAlgorithm keyAlgo,
                                   ContentAlgorithm contentAlgo) {
    // The payload is key material; it exists in clear only in this local array.
    final byte[] jwkJson = StringUtils.toBytesUTF8(jwkKeyToJson(jwkKey));
    return JweUtils.encrypt(key, keyAlgo, contentAlgo, jwkJson, "jwk+json");
}
 
Example 25
Source Project: cxf   Source File: JwkUtils.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Serializes a single JWK to JSON and encrypts it as a JWE with a secret key.
 *
 * @param jwkKey      the key to protect
 * @param key         secret key used for key encryption
 * @param keyAlgo     key encryption algorithm
 * @param contentAlgo content encryption algorithm
 * @return the JWE, produced with content type {@code jwk+json}
 */
public static String encryptJwkKey(JsonWebKey jwkKey, SecretKey key, KeyAlgorithm keyAlgo,
                                   ContentAlgorithm contentAlgo) {
    // The payload is key material; it exists in clear only in this local array.
    final byte[] jwkJson = StringUtils.toBytesUTF8(jwkKeyToJson(jwkKey));
    return JweUtils.encrypt(key, keyAlgo, contentAlgo, jwkJson, "jwk+json");
}
 
Example 26
Source Project: cxf   Source File: JwkUtils.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Decrypts a JWE-protected JWK with a private key and parses the result.
 *
 * @param key     private key used for key decryption
 * @param keyAlgo key encryption algorithm, supplied by the caller
 * @param ctAlgo  content encryption algorithm, supplied by the caller
 * @param jsonJwk the encrypted JWK
 * @return the parsed key
 */
public static JsonWebKey decryptJwkKey(PrivateKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo,
                                       String jsonJwk) {
    // Holds decrypted key material as JSON text until it is parsed.
    final String decryptedJson = toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwk));
    return readJwkKey(decryptedJson);
}
 
Example 27
Source Project: cxf   Source File: JwkUtils.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Decrypts a JWE-protected JWK with a secret key and parses the result.
 *
 * @param key     secret key used for key decryption
 * @param keyAlgo key encryption algorithm, supplied by the caller
 * @param ctAlgo  content encryption algorithm, supplied by the caller
 * @param jsonJwk the encrypted JWK
 * @return the parsed key
 */
public static JsonWebKey decryptJwkKey(SecretKey key, KeyAlgorithm keyAlgo, ContentAlgorithm ctAlgo,
                                       String jsonJwk) {
    // Holds decrypted key material as JSON text until it is parsed.
    final String decryptedJson = toString(JweUtils.decrypt(key, keyAlgo, ctAlgo, jsonJwk));
    return readJwkKey(decryptedJson);
}
 
Example 28
Source Project: cxf   Source File: AbstractJoseProducer.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Returns the explicitly configured encryption provider, or loads one for the given headers.
 *
 * <p>NOTE(review): the {@code false} argument presumably means a missing configuration is
 * not an error, in which case the result may be {@code null} — confirm against JweUtils.
 *
 * @param jweHeaders JWE headers of the content being produced
 * @return the encryption provider
 */
protected JweEncryptionProvider getInitializedEncryptionProvider(JweHeaders jweHeaders) {
    return encryptionProvider != null
        ? encryptionProvider
        : JweUtils.loadEncryptionProvider(jweHeaders, false);
}
 
Example 29
Source Project: cxf   Source File: AbstractJoseConsumer.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Returns the explicitly configured decryptor, or loads one for the given headers.
 *
 * <p>NOTE(review): the {@code false} argument presumably means a missing configuration is
 * not an error, in which case the result may be {@code null} — confirm against JweUtils.
 *
 * @param jweHeaders headers of the JWE being consumed
 * @return the decryption provider
 */
protected JweDecryptionProvider getInitializedDecryptionProvider(JweHeaders jweHeaders) {
    return jweDecryptor != null
        ? jweDecryptor
        : JweUtils.loadDecryptionProvider(jweHeaders, false);
}